CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1419 – Ubuntu Security Notice USN-5500-1
https://notcve.org/view.php?id=CVE-2022-1419
16 May 2022 — The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. La causa principal de esta vulnerabilidad es que el ioctl$DRM_IOCTL_MODE_DESTROY_DUMB puede disminuir el refcount de *drm_vgem_gem_object *(creado en *vgem_gem_dumb_create*) simultáneamente, y *vgem_gem_dumb_create *accederá al drm_vgem_gem_object liberado It wa... • https://bugzilla.redhat.com/show_bug.cgi?id=2077560 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 3CVE-2022-30594 – kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
https://notcve.org/view.php?id=CVE-2022-30594
12 May 2022 — The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de código PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restri... • https://packetstorm.news/files/id/170362 • CWE-276: Incorrect Default Permissions CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4037 – kernel: security regression for CVE-2018-13405
https://notcve.org/view.php?id=CVE-2021-4037
11 May 2022 — A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2... • https://access.redhat.com/security/cve/CVE-2021-4037 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2022-29968 – Ubuntu Security Notice USN-5471-1
https://notcve.org/view.php?id=CVE-2022-29968
02 May 2022 — An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Se ha detectado un problema en el kernel de Linux versiones hasta 5.17.5. La función io_rw_init_file en el archivo fs/io_uring.c carece de la inicialización de kiocb-)private It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot res... • https://github.com/jprx/CVE-2022-29968 • CWE-909: Missing Initialization of Resource •
CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 0CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
29 Apr 2022 — A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Se encontró una vulnerabilidad en la función pfkey_register en el archivo net/key/af_key.c en el kernel de Linux. Este fallo permite a un usuario local no privilegiado acceder a la memoria del kernel, conllevando a un bloqueo del sistema o un filtrado de información in... • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2022-29582 – Debian Security Advisory 5127-1
https://notcve.org/view.php?id=CVE-2022-29582
22 Apr 2022 — In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. En el kernel de Linux versiones anteriores a 5.17.3, el archivo fs/io_uring.c presenta un uso de memoria previamente liberada debido a una condición de carrera en la función io_uring timeouts. Esto puede ser desencadenado por un usuario local qu... • https://github.com/Ruia-ruia/CVE-2022-29582-Exploit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.6EPSS: 1%CPEs: 2EXPL: 13CVE-2022-1015 – Ubuntu Security Notice USN-5390-2
https://notcve.org/view.php?id=CVE-2022-1015
21 Apr 2022 — A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. Se ha encontrado un fallo en el kernel de Linux en el archivo linux/net/netfilter/nf_tables_api.c del subsistema netfilter. Este fallo permite a un usuario local causar un problema de escritura fuera de límites David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices.... • https://github.com/pqlx/CVE-2022-1015 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0812 – Ubuntu Security Notice USN-5684-1
https://notcve.org/view.php?id=CVE-2022-0812
19 Apr 2022 — An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. Se ha encontrado un fallo de filtrado de información en NFS sobre RDMA en el archivo net/sunrpc/xprtrdma/rpc_rdma.c en el Kernel de Linux. Este fallo permite a un atacante privilegiado de usuario normales filtrar información del kernel It was discovered that the SUNRPC RDMA protocol implementation in the Linux kern... • https://access.redhat.com/security/cve/CVE-2022-0812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4917
https://notcve.org/view.php?id=CVE-2011-4917
18 Apr 2022 — In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. En el kernel de Linux versiones hasta 3.1, Se presenta un problema de divulgación de información por medio de /proc/stat • https://lkml.org/lkml/2011/11/7/340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2022-1016 – kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
https://notcve.org/view.php?id=CVE-2022-1016
12 Apr 2022 — A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Se ha encontrado un fallo en el kernel de Linux en el archivo net/netfilter/nf_tables_core.c:nft_do_chain, que puede causar un uso de memoria previamente liberada. Este problema necesita manejar "return" con las precondiciones apropiada... • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 • CWE-824: Access of Uninitialized Pointer CWE-909: Missing Initialization of Resource •